The remote host is missing an update to kdegraphicsannounced via advisory MDKSA-2005:020.

A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient boundschecking while processing a PDF file that provides malicious values inthe /Encrypt /Length tag. Kdegraphics uses xpdf code and is susceptible to the same vulnerability.

10.1 packages also include a fix for ksvg kde bug #74457.

The updated packages have been patched to prevent these problems.

Affected versions: 10.0, 10.1, Corporate Server 3.0

Solution:To upgrade automatically use MandrakeUpdate or urpmi. The verificationof md5 checksums and GPG signatures is performed automatically for you.